GDPR Statement
EFFECTIVE 3. November 2022
At Dataloy Systems AS, we take personal data information obligations seriously.
What You Should Know
The GDPR distinguishes between a Data Controller (the legal entity that determines the purpose for which, and the manner in which, any personal data is collected) and a Data Processor (the legal entity responsible for the handling of personal data on behalf of the Data Controller). In cases where Dataloy Systems AS is hosting the systems, and/or provide support on the systems, we act as Data Processor.
How Dataloy Systems Can Help
In keeping with our obligations as a Data Processor, Dataloy Systems promises to:
Keep personal data safe, secure, and private
Process personal data in a manner that ensures appropriate security, using lawful, fair and transparent means
Disclose our sub-processors and responsibly monitor their GDPR compliance
Keep all required compliance records and audit logs
Make available tools to handle data subject requests, such as the right-to-erasure and right-to-access
Provide timely notice of personal data breaches
The Data Processing Addendum
To satisfy the GDPR, each Data Controller must receive “sufficient guarantees” from its Data Processors that they can implement measures (technical and organisational) to meet the requirements of the GDPR. Since there are currently no codes of conduct or certifications upon which Data Controllers can rely, standard contractual clauses and data processing agreements are quickly becoming the norm.
Sub-Processors
We use the following third-party data processors when providing our service:
Amazon AWS
Active Campaign
HubSpot
Chargebee
Atlassian
Stripe
Integration Partners
You also have the option to enable additional Dataloy Systems integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of our integration partners. Each customer is responsible for evaluating any third-party before creating or enabling an integration.
Who Is Dataloy Systems’ Data Protection Officer (DPO)?
How Can You Request Access to Your Personal Information?
We recommend you first contact the Data Controller (i.e. the merchant organisation to whom Dataloy Systems is providing the Dataloy Systems AS service).
In the subject line, please indicate “Request for Personal Information”. In your email, please specify:
Your full name
Whether you are an individual or a representative of a Data Controller
If you are an individual, the name of your Data Controller (i.e. the merchant organization to whom Dataloy Systems is providing the Dataloy Systems Service).
Please note that we will need to share your request with the Data Controller to verify and action it. We will endeavour to fulfil all access requests within 30 days of our receipt.
How Can You Request Deletion of Your Personal Information?
We recommend you first contact the Data Controller (i.e. the merchant organization to whom Dataloy Systems is providing the Dataloy Systems Service).
In the subject line, please indicate “Request for Deletion”. In your email, please specify:
Your full name
Whether you are an individual or a representative of a Data Controller
If you are an individual, the name of your Data Controller (i.e. the merchant organization to whom Dataloy Systems is providing the Dataloy Systems Service).
Please note that we will need to share your request with the Data Controller to verify and action it. We will endeavour to fulfil all access requests within 30 days of our receipt.